<?php
require_once(dirname(__FILE__)."/config.php");
CheckPurview('member_Pm');
//检查用户名的合法性
function CheckUserID($uid,$msgtitle='用户名',$ckhas=true)
{
	global $cfg_mb_notallow,$cfg_mb_idmin,$cfg_md_idurl,$cfg_soft_lang,$dsql;
	if($cfg_mb_notallow != '')
	{
		$nas = explode(',',$cfg_mb_notallow);
		if(in_array($uid,$nas))
		{
			return $msgtitle.'为系统禁止的标识！';
		}
	}
	if($cfg_md_idurl=='Y' && eregi("[^a-z0-9]",$uid))
	{
		return $msgtitle.'必须由英文字母或数字组成！';
	}

	if($cfg_soft_lang=='utf-8')
	{
		$ck_uid = utf82gb($uid);
	}
	else
	{
		$ck_uid = $uid;
	}

	for($i=0;isset($ck_uid[$i]);$i++)
	{
			if(ord($ck_uid[$i]) > 0x80)
			{
				if(isset($ck_uid[$i+1]) && ord($ck_uid[$i+1])>0x40)
				{
					$i++;
				}
				else
				{
					return $msgtitle.'可能含有乱码，建议你改用英文字母和数字组合！';
				}
			}
			else
			{
				if(eregi("[^0-9a-z@\.-]",$ck_uid[$i]))
				{
					return $msgtitle.'不能含有 [@]、[.]、[-]以外的特殊符号！';
				}
			}
	}
	if($ckhas)
	{
		$row = $dsql->GetOne("Select * From `#@__member` where userid like '$uid' ");
		if(is_array($row)) return $msgtitle."已经存在！";
	}
	return 'ok';
}

if(!isset($action))
{
	$action = '';
}
if($action=="post")
{
	$floginid = $cuserLogin->getUserName();
	$fromid = $cuserLogin->getUserID();
	if($subject=='')
	{
		ShowMsg("请填写信息标题!","-1");
		exit();
	}
	$msg = CheckUserID($msgtoid,"用户名",false);
	if($msg!='ok')
	{
		ShowMsg($msg,"-1");
		exit();
	}
	$row = $dsql->GetOne("Select * From `#@__member` where userid like '$msgtoid' ");
	if(!is_array($row))
	{
		ShowMsg("你指定的用户不存在,不能发送信息!","-1");
		exit();
	}
	$subject = cn_substrR(HtmlReplace($subject,1),60);
	$message = cn_substrR(HtmlReplace($message,0),1024);
	$sendtime = $writetime = time();

	//发给收件人(收件人可管理)
	$inquery = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)
      VALUES ('$floginid','$fromid','{$row['mid']}','{$row['userid']}','inbox','$subject','$sendtime','$writetime','0','0','$message'); ";
      
	$dsql->ExecuteNoneQuery($inquery);
	ShowMsg('短信已成功发送','member_pmone.php');
	exit();	
	
}
require_once(DEDEADMIN."/templets/member_pmone.htm");

?>